(Please CC me on replies.)
PF offers a group keyword for a rule to only apply if the packets are from
sockets owned by the specified group.
This was noted by itojun in
http://mail-index.netbsd.org/tech-net/2003/06/30/0042.html but there are
so many emails that I didn't see anything related to this.
Are there plans to have socket struct also contain the gid?
DragonFly (and FreeBSD) socket has:

    struct ucred *so_cred; /* user credentials */

And this ucred has various information like real group id, saved group id.
OpenBSD has the real and effective group IDs.
Anyways, I am curious: has there been any work or proposals related to
this for NetBSD?
Please carbon-copy me on replies.
Jeremy C. Reed
Open source, Unix, *BSD, Linux training
http://www.pugetsoundtechnology.com/